CVE-2021-20146 Vulnerability Details

  /     /     /  

CVE-2021-20146 Metadata Quick Info

CVE Published: 09/12/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: tenable | Vendor: n/a | Product: Gryphon Tower router
Status : PUBLISHED

CVE-2021-20146 Description

An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root access to a server affiliated with Gryphon\'s development and infrastructure. At the time of discovery, the ssh key could be used to login to the development server hosted in Amazon Web Services.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Storage of Sensitive Data in a Mechanism without Access Control
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2021-20146 Vulnerability Details